barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2026-05-27 22:50:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f006ebe5e42bde04cba96c13f5b66a67d94ba3dd
tinyauth/internal
T
History
Olivier Dumont f006ebe5e4 Fix open redirect vulnerability in authorize endpoint 
Per OAuth 2.0 RFC 6749 §4.1.2.1, errors should NOT redirect to
unvalidated redirect_uri values. This fix:

- Returns JSON errors for failures before redirect_uri validation
  (missing parameters, invalid client)
- Only redirects to redirect_uri after it has been validated
  against registered client URIs
- Prevents open redirect attacks where malicious redirect_uri
  values could be used to redirect users to attacker-controlled sites
2025-12-30 12:40:01 +01:00
..
assets
Add OIDC provider functionality with validation setup
2025-12-30 12:17:55 +01:00
bootstrap
Add OIDC provider functionality with validation setup
2025-12-30 12:17:55 +01:00
config
Add OIDC provider functionality with validation setup
2025-12-30 12:17:55 +01:00
controller
Fix open redirect vulnerability in authorize endpoint
2025-12-30 12:40:01 +01:00
middleware
feat: forward sub from oidc providers (#543)
2025-12-26 19:02:51 +02:00
model
Add OIDC provider functionality with validation setup
2025-12-30 12:17:55 +01:00
service
Implement PKCE (Proof Key for Code Exchange) support
2025-12-30 12:39:00 +01:00
utils
Add OIDC provider functionality with validation setup
2025-12-30 12:17:55 +01:00